Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for LXCI for VMware by Lenovo

    CVE-2018-9072 (GCVE-0-2018-9072)

    Vulnerability from nvd – Published: 2018-11-30 14:00 – Updated: 2024-08-05 07:17
    VLAI
    Title
    LXCI for VMware
    Summary
    In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads.
    Severity
    No CVSS data available.
    CWE
    • Privilege escalation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo LXCI for VMware Affected: unspecified , < 5.5 (custom)
    Create a notification for this product.
    Date Public
    2018-11-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:17:50.638Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LXCI for VMware",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-11-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-30T13:57:01.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update LXCI for VMware to version 5.5 or higher."
            }
          ],
          "source": {
            "advisory": "LEN-23800",
            "discovery": "INTERNAL"
          },
          "title": "LXCI for VMware",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2018-9072",
              "STATE": "PUBLIC",
              "TITLE": "LXCI for VMware"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LXCI for VMware",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "5.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/solutions/LEN-23800",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update LXCI for VMware to version 5.5 or higher."
              }
            ],
            "source": {
              "advisory": "LEN-23800",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2018-9072",
        "datePublished": "2018-11-30T14:00:00.000Z",
        "dateReserved": "2018-03-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:17:50.638Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-16097 (GCVE-0-2018-16097)

    Vulnerability from nvd – Published: 2018-11-30 14:00 – Updated: 2024-08-05 10:17
    VLAI
    Title
    LXCI for VMware and LXCI for Microsoft System Center
    Summary
    LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate.
    Severity
    No CVSS data available.
    CWE
    • file system modification
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo LXCI for VMware Affected: unspecified , < 5.5 (custom)
    Create a notification for this product.
    Lenovo LXCI for Microsoft System Center Affected: unspecified , < 3.5 (custom)
    Create a notification for this product.
    Date Public
    2018-11-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:17:37.668Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LXCI for VMware",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "LXCI for Microsoft System Center",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "3.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-11-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "file system modification",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-30T13:57:01.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update LXCI for VMware to version 5.5 or higher.\nUpdate LXCI for Microsoft System Center to version 3.5 or higher."
            }
          ],
          "source": {
            "advisory": "LEN-23800",
            "discovery": "INTERNAL"
          },
          "title": "LXCI for VMware and LXCI for Microsoft System Center",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2018-16097",
              "STATE": "PUBLIC",
              "TITLE": "LXCI for VMware and LXCI for Microsoft System Center"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LXCI for VMware",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "5.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "LXCI for Microsoft System Center",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "3.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "file system modification"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/solutions/LEN-23800",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update LXCI for VMware to version 5.5 or higher.\nUpdate LXCI for Microsoft System Center to version 3.5 or higher."
              }
            ],
            "source": {
              "advisory": "LEN-23800",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2018-16097",
        "datePublished": "2018-11-30T14:00:00.000Z",
        "dateReserved": "2018-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:17:37.668Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-16093 (GCVE-0-2018-16093)

    Vulnerability from nvd – Published: 2018-11-30 14:00 – Updated: 2024-08-05 10:17
    VLAI
    Title
    LXCI for VMware
    Summary
    In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file.
    Severity
    No CVSS data available.
    CWE
    • information disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo LXCI for VMware Affected: unspecified , < 5.5 (custom)
    Create a notification for this product.
    Date Public
    2018-11-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:17:37.690Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LXCI for VMware",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-11-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-30T13:57:01.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update LXCI for VMware to version 5.5 or higher."
            }
          ],
          "source": {
            "advisory": "LEN-23800",
            "discovery": "INTERNAL"
          },
          "title": "LXCI for VMware",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2018-16093",
              "STATE": "PUBLIC",
              "TITLE": "LXCI for VMware"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LXCI for VMware",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "5.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/solutions/LEN-23800",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update LXCI for VMware to version 5.5 or higher."
              }
            ],
            "source": {
              "advisory": "LEN-23800",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2018-16093",
        "datePublished": "2018-11-30T14:00:00.000Z",
        "dateReserved": "2018-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:17:37.690Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-9072 (GCVE-0-2018-9072)

    Vulnerability from cvelistv5 – Published: 2018-11-30 14:00 – Updated: 2024-08-05 07:17
    VLAI
    Title
    LXCI for VMware
    Summary
    In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads.
    Severity
    No CVSS data available.
    CWE
    • Privilege escalation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo LXCI for VMware Affected: unspecified , < 5.5 (custom)
    Create a notification for this product.
    Date Public
    2018-11-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:17:50.638Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LXCI for VMware",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-11-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-30T13:57:01.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update LXCI for VMware to version 5.5 or higher."
            }
          ],
          "source": {
            "advisory": "LEN-23800",
            "discovery": "INTERNAL"
          },
          "title": "LXCI for VMware",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2018-9072",
              "STATE": "PUBLIC",
              "TITLE": "LXCI for VMware"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LXCI for VMware",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "5.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/solutions/LEN-23800",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update LXCI for VMware to version 5.5 or higher."
              }
            ],
            "source": {
              "advisory": "LEN-23800",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2018-9072",
        "datePublished": "2018-11-30T14:00:00.000Z",
        "dateReserved": "2018-03-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:17:50.638Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-16093 (GCVE-0-2018-16093)

    Vulnerability from cvelistv5 – Published: 2018-11-30 14:00 – Updated: 2024-08-05 10:17
    VLAI
    Title
    LXCI for VMware
    Summary
    In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file.
    Severity
    No CVSS data available.
    CWE
    • information disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo LXCI for VMware Affected: unspecified , < 5.5 (custom)
    Create a notification for this product.
    Date Public
    2018-11-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:17:37.690Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LXCI for VMware",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-11-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-30T13:57:01.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update LXCI for VMware to version 5.5 or higher."
            }
          ],
          "source": {
            "advisory": "LEN-23800",
            "discovery": "INTERNAL"
          },
          "title": "LXCI for VMware",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2018-16093",
              "STATE": "PUBLIC",
              "TITLE": "LXCI for VMware"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LXCI for VMware",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "5.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/solutions/LEN-23800",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update LXCI for VMware to version 5.5 or higher."
              }
            ],
            "source": {
              "advisory": "LEN-23800",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2018-16093",
        "datePublished": "2018-11-30T14:00:00.000Z",
        "dateReserved": "2018-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:17:37.690Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-16097 (GCVE-0-2018-16097)

    Vulnerability from cvelistv5 – Published: 2018-11-30 14:00 – Updated: 2024-08-05 10:17
    VLAI
    Title
    LXCI for VMware and LXCI for Microsoft System Center
    Summary
    LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate.
    Severity
    No CVSS data available.
    CWE
    • file system modification
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo LXCI for VMware Affected: unspecified , < 5.5 (custom)
    Create a notification for this product.
    Lenovo LXCI for Microsoft System Center Affected: unspecified , < 3.5 (custom)
    Create a notification for this product.
    Date Public
    2018-11-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:17:37.668Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LXCI for VMware",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "LXCI for Microsoft System Center",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "3.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-11-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "file system modification",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-30T13:57:01.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update LXCI for VMware to version 5.5 or higher.\nUpdate LXCI for Microsoft System Center to version 3.5 or higher."
            }
          ],
          "source": {
            "advisory": "LEN-23800",
            "discovery": "INTERNAL"
          },
          "title": "LXCI for VMware and LXCI for Microsoft System Center",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2018-16097",
              "STATE": "PUBLIC",
              "TITLE": "LXCI for VMware and LXCI for Microsoft System Center"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LXCI for VMware",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "5.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "LXCI for Microsoft System Center",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "3.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "file system modification"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/solutions/LEN-23800",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update LXCI for VMware to version 5.5 or higher.\nUpdate LXCI for Microsoft System Center to version 3.5 or higher."
              }
            ],
            "source": {
              "advisory": "LEN-23800",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2018-16097",
        "datePublished": "2018-11-30T14:00:00.000Z",
        "dateReserved": "2018-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:17:37.668Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }